How safe is your data? Do you password your PDA or SmartPhone? Do you encrypt your data? What about when you sell your device? How do you ensure that your confidential data stays private? Recent studies have shown that 44% of second-hand mobile devices are sold with sensitive data on them. So what can you do? Well, hard resetting your device will go a long way to placing your data out of reach to ordinary users, but not impossible for determined individuals to recover with readily available tools. What can you do?

Aiko Solutions offers the versatile SecuWipe to write over and obliterate your sensitive data, rendering it unrecoverable by anyone. This is a standard security approach on desktops and laptops, but relatively new to the handheld world.

Technical BackgroundInstructions for erasing data from different mobile phones can be found on the Wireless Recycling website. The PDA procedures there, though, simply involve hard resetting your device. That may or may not render your data unrecoverable. Here's why.

On PocketPCs with operating systems older than Windows Mobile 5.0 (PPC 2002 and earlier, WM 2003, WM 2003SE), your databases and other data in storage memory are actually in the RAM, which requires constant power to remember anything. When you removed the power (battery) from the device (and wait for any backup battery to discharge for more than about 30 minutes), it forgets everything. So, to wipe your sensitive data from the device, simply pull its plug for an hour or so. A hard reset will remove all references to the data in the RAM, but the actual data images will remain until overwritten. Only removing all power will cause the data to disappear. The external cards and any internal persistent storage that survives a hard reset (e.g., iPAQ or Dell File Store) are a different story.

Pocket PCs with Windows Mobile 5.0 or newer, the storage memory is in persistent flash ROM. This is great when you want to preserve your data, but not so good if you want to purge it. Hard resetting these handhelds is a lot like formatting a hard drive. (For trivia buffs, it was Paul Mace who first discovered that formatting a hard drive didn't erase its data and started Mace Software with utilities to unformat hard drives and recover deleted files.) Although the exact file locations are lost, the actual data is still in the flash memory on most devices until someone overwrites it. Data could be recovered with software readily available on the Internet.

So, what can you do? The short answer: overwrite the information. (NOTE: The following discussion also applies to hard drives and flash cards.) There are usually two general approaches. The first involves securely deleting a file rather than simply deleting it. Deleting a file removes its entry from the File Allocation Table (FAT), but its directory entry remains hidden in the directory list and the data remains intact in flash or on the card. Securely deleting the file improves security by overwriting the file's data area as well as eliminating the hidden entry in the directory list. At the end of a secure delete, there's no evidence that the file ever existed. Depending on the overwrite method and size of the file, secure deleting could take a bit longer than a standard delete.

The other, complementary approach leverages the way the FAT tracks file space. When a sector contains data claimed by a directory entry (i.e., a file), the operating system counts that sector as used and hence unavailable for new data to be written there. This provides some data integrity as well as telling the operating system how to find all parts of the file. When you delete files, the FAT puts their previously-used sectors into a free space pool. Although the data isn't overwritten immediately (or maybe for some time), its previously-occupied space becomes available to be overwritten as needed. If one overwrites all the free space in flash or on a card, then all the data from previously deleted files becomes meaningless gibberish and the original data unrecoverable. Depending on the amount of free space to be overwritten and what method is used, this overwrite could take a while.

The way that you overwrite data on magnetic media matters. Peter Gutmann wrote the definitive paper, Secure Deletion of Data from Magnetic and Solid-State Memory, on the subject back in 1996. Although quite technical, Gutmann's paper opened a lot of eyes on data security. In short, he showed that both the characters used in overwriting as well as the number of times data is overwritten both matter. Of course, the U.S. Department of Defense also has specifications for securely overwriting data, US Department of Defense DOD 5220.22-M, on magnetic media. These and a few others provide a good basis for securely deleting your sensitive, private information.

With this brief background on SecuWipe's value, let's look at SecuWipe itself.

SecuWipe's Overwriting AlgorithmsThe folks at Aiko Solutions used their knowledge of these various overwrite schemes to offer the user a variety of choices. I list these from Aiko's website in ascending order of effectiveness and also the relative time each takes to run:

1. Zeroing-out - everything is overwritten with "0" pattern - 1 pass; 2. US Department of Defense - U.S. DoD 5220.22-M (C) - everything is overwritten with a random byte - 1 pass; 3. U.S. DoD 5220.22-M (E) - everything is overwritten with "0", "1" and with a random byte - 3 passes; 4. U.S. DoD 5220.22-M (ECE) - used method #3, then #2, then #3 - 7 passes.5. Bruce Schneier's algorithm - the first pass overwrites the file with the bit pattern ?0?, the second with ?1?, and the next five with a cryptographically random bit pattern (SHA 512-bit is used to generate cryptographic random) - 7 passes. 6. Peter Gutmann's algorithm - 35 overwrite passes in total, it is considered the strongest method for data destruction. The cost of this security, of course, is time; wiping a media card using Peter Gutmann?s algorithm will take more than 5 times longer than wiping the same card with Bruce Schneier?s algorithm.

So, depending on the time that you have and how safe you wish to be, SecuWipe provides a good selection of approaches. For most purposes, the DoD 5220.22-M (E) will provide sufficient security unless you are running for political office these days.

Using SecuWipe

SecuWipe presents a clean and easily understood opening screen. Simply select the operation which you'd like to perform. Wipe File will only allow a single file to be processed.

Wipe Folder/Flash will allow entire directories to be securely deleted:

Wipe Free Space overwrites all areas of internal storage memory or a flash card (SD, CF, etc.) that aren't currently claimed by files. It offers you a dialog from which you may select the target media:

Another benefit of Wipe Free Space is that it will overwrite temporary files used by the system and applications (MS Office apps, Internet Explorer, etc.) that are deleted during the course of normal operation. These temporary files often contain privacy information.

Custom Wipe allows you to select specific and multiple things to overwrite:

You cannot select individual appointments, contacts, or notes, but SecuWipe handles their entire databases. If you have multiple mailboxes, it will securely delete all the messages in individual boxes. For Internet Explorer, you can select cookies, cache, and/or history individually for secure wiping. Under Free Space on this screen, you can select multiple storage locations, e.g., storage memory and SD card. Very convenient.

There's one minor ?feature? that I noticed under the custom screen for Files/Folders. If you select all files in a folder, SecuWipe will delete the folder as well. I tried deselecting the parent folder, but then SecuWipe deselected the files as well. It would be nice to be able to securely delete all the files in a folder without deleting the folder itself.

Once you select your targets for secure deletion, SecuWipe offers you the algorithm choices on a continuum from low to high security:

After that, you are off to the races. SecuWipe first confirms that you really want to securely delete the target, then provides a running countdown with a time estimate and a progress bar. The time estimates proved pretty accurate according to my stopwatch.

Testing SecuWipeTo test SecuWipe's operation, I deleted a number of things both in storage memory and on the CF card. I then used the Linux utility PhotoRec, which despite its name actually recovers any kind of file it finds. It performs the recovery by actually scanning the card for the raw data, thereby providing an excellent check on SecuWipe's overwriting routines. After deleting the three files normally, PhotoRec had no problem recovering them:

I then wiped the free space on the card using DoD 5220.22-M (E) and again tried to recover the files with PhotoRec:

PhotoRec didn't find any usable data in the free space! I repeated this same procedure a number of times with various overwrites while securely deleting files and directories with the same success. I encountered no difficulty in any phase of the operations. SecuWipe's simple interface made all tasks simple to accomplish.

I found SecuWipe pretty quick on both internal storage memory and external cards. I tested using a 2 GB Kingston 50x CF card with 94.2MB free in an HP iPAQ 211. Here's the continuum of security level vs. time under identical conditions (hh:mm:ss):

You can clearly see that the time required to overwrite space increases dramatically with the level of desired security. I believe that the DoD 5220.22 (E) method provides good security for the time spent.

ConclusionIt's a mean world out there. Criminals want your private information to steal your identity or defraud you in other ways. Some people post other folks' private information on the web to embarrass them. We need to do everything possible to protect our private and sensitive information, yet studies show a shocking general ignorance of these threats. SecuWipe 1.0 provides a simple and effective solution to keep your data private on Windows Mobile devices. At $39.95, is provides a good value for its service.